Ransomware detection and recovery tools and techniques are getting better. Unfortunately, so are ransomware developers. They are making ransomware harder to find and encrypted files harder to recover.

“At the end of the day, ransomware has to do one thing, and that’s overwrite or lock the file system,” says Brian Bartholomew, senior security researcher, Global Research and Analysis Team (GReAT) at Kaspersky Lab. The linear activity associated with overwriting or locking up data makes ransomware easy to detect, he notes. “If you think of all the files on a system as a list, ransomware just goes right down the list and starts encrypting them,” says Bartholomew.
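The "goes right down the list" behaviour described above can be turned into a simple detection heuristic. The following is an added illustration, not code from the article or from Kaspersky Lab: it flags a process whose file writes move strictly forward through a directory listing within a short time. The event format, PIDs, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed data for this example; not real telemetry.
LISTING = [f"/home/u/docs/file{i:02d}.docx" for i in range(12)]  # directory order
EVENTS = (
    # (timestamp_seconds, pid, path_written)
    [(100 + 0.1 * i, 4112, p) for i, p in enumerate(LISTING)]      # walks the list
    + [(10.0, 2210, LISTING[3]), (40.0, 2210, LISTING[3]),
       (70.0, 2210, LISTING[3]), (90.0, 2210, LISTING[7])]         # editor saves
    + [(50.0, 3307, LISTING[9]), (50.5, 3307, LISTING[2]),
       (51.0, 3307, LISTING[5]), (51.5, 3307, LISTING[1])]         # unordered sync
)


def sequential_writers(events, listing, min_run=8, max_gap=2.0):
    """Return {pid: longest run} for processes that write at least min_run
    files in strictly forward listing order, with no pause over max_gap seconds."""
    index = {path: i for i, path in enumerate(listing)}
    by_pid = defaultdict(list)
    for ts, pid, path in sorted(events):
        by_pid[pid].append((ts, path))

    flagged = {}
    for pid, writes in by_pid.items():
        best = run = 0
        prev_idx = prev_ts = None
        for ts, path in writes:
            idx = index.get(path)  # None: file outside the watched listing
            in_order = (idx is not None and prev_idx is not None
                        and idx > prev_idx and ts - prev_ts <= max_gap)
            # Extend the run on a forward step, otherwise start over.
            run = run + 1 if in_order else (1 if idx is not None else 0)
            best = max(best, run)
            prev_idx, prev_ts = idx, ts
        if best >= min_run:
            flagged[pid] = best
    return flagged


if __name__ == "__main__":
    print(sequential_writers(EVENTS, LISTING))
```

Legitimate bulk tools such as archive extractors can also write files in listing order, so a hit here is one signal to correlate with others rather than a verdict.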

